package springmaven;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
	@Autowired
	private UserDetailsService userDetailsService;

	@Autowired
	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		// auth.userDetailsService(userDetailsService).and().authenticationProvider(authenticationProvider());
		auth.authenticationProvider(authenticationProvider());
	}

	@Override
	public void configure(WebSecurity web) throws Exception {
		super.configure(web);
	}

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		// sercurity 添加其他的过滤器的方法只能在这里
		// CharacterEncodingFilter encodingFilter = new
		// CharacterEncodingFilter();
		// encodingFilter.setEncoding("UTF-8");
		// encodingFilter.setForceEncoding(true);
		// // 在过滤器链第一个过滤器前面添加字符编码过滤器
		// http.addFilterBefore(encodingFilter, ChannelProcessingFilter.class);
		// http.addFilterBefore(encodingFilter, CsrfFilter.class);
		// HeaderWriter headerWriter = new HeaderWriter() {
		// public void writeHeaders(HttpServletRequest request,
		// HttpServletResponse response) {
		// response.setHeader("X-Frame-Options", "SAMEORIGIN");
		// }
		// };
		//---------------------------分界线--------------------------
		// 已授权的用户访问大于权限的资源时重新定向的禁止页
		String accessDeniedUrl = "/accessdenied";
		http.exceptionHandling().accessDeniedPage(accessDeniedUrl).and().authorizeRequests()
				.antMatchers("/usermanager/*", "/usermanager", "/userManager/").hasAnyRole("USER", "ADMIN")
				.antMatchers("/adminmanager/*", "/adminmanager").hasAnyRole("ADMIN")
				.antMatchers("/dwr/**", "/dwr/interface/*", "/login").permitAll().and().formLogin().loginPage("/login")
				.defaultSuccessUrl("/homepage?logined").and().httpBasic().and().rememberMe()
				.tokenValiditySeconds(2419200).and().csrf()
				.ignoringAntMatchers(new String[] { "/dwr/**", "/file_upload" }).and().headers().frameOptions()
				.sameOrigin().httpStrictTransportSecurity().disable();
	}

	// 密码的加密类
	@Bean
	public PasswordEncoder passwordEncoder() {
		return new BCryptPasswordEncoder();
	}

	// 自定义授权类
	@Bean
	public DaoAuthenticationProvider authenticationProvider() {
		DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
		authenticationProvider.setUserDetailsService(userDetailsService);
		authenticationProvider.setPasswordEncoder(passwordEncoder());
		return authenticationProvider;
	}
}
